June 27, 2012

There’s only one thing you need to know to avoid being late: In order to be “on time” you have to get there early.

I know: it’s not fair. And it’s not much of a “trick” either, even if it’s fail-proof.

The truth is, if any kind of commute is involved, you simply can’t time things to the minute, in part because there are so many variables. Driving is just part of the equation; parking and walking from where you’ve parked take time that is easily overlooked. Depending on where you are going, security checks, unanticipated lines, and waiting for the elevator can be factors, never mind the glitches that happen when trying to find a place for the first time.

I generally give myself 25% more time than I think it will take to get me where I’m going. That sounds like a lot of time, but it really isn’t, considering it’s only an extra fifteen minutes for an hour’s journey. I usually end up just a few minutes early, because invariably the trip takes longer than it “should.” For very little “wasted time” you, too, can give yourself a calm and peaceful commute knowing you’ll truly arrive on time.

June 08, 2012

Today I saw an article on Slate that referred to Russian hackers stealing 6 million passwords from LinkedIn, and I thought: oh, that’s weird. Alpay said he wasn’t worried about it because LinkedIn was forcing those whose passwords were compromised to get a new password, and when he went to LinkedIn, his was fine. So I went to LinkedIn. I didn’t get very far, because I needed to change my password.

Fortunately, another Slate article describes how to quickly and easily create super-strong passwords, as well as a system for making each unique. While I try not to use the same password for everything, I won’t deny I do double-dip sometimes. I don’t know how much damage a hacker could do with my login at Lancome or the New York Times. I also figure that if you have only unique passwords, it’s impossible to remember them all, and then the problem becomes where to hide the password list. It seems practically any place--either hard copy or soft--is unsafe. Digging out the list from a file every time you want to log on would be impractical. And I don’t like the idea of “remember me on this computer” because what if a computer is stolen? Then the thief would have access to all the sites you use before you had a chance to change them.

I actually don’t have an excuse not to have unique passwords for everything: for the last couple of years, I’ve subscribed to a virus protection package that includes a password logon service. I can have as many passwords as I want, as complex as I want, and I don’t have to memorize them. I log on to the service, and whenever I go to a site that requires a password, the service logs me in. Alpay doesn’t like this. He thinks it’s risky--that all a hacker has to do is hack that one site, and then they have all your passwords. And that’s true. I am rather putting my eggs in one basket this way. But one of the things pointed out in the Slate article is that LinkedIn did not use standard, high-level encryption. I trust that an undisputed leader in computer security would be able to keep their own site secure, but concede the possibility that I might one day rue this trust.

But I’m more concerned about plain human error. Like: I realized my LinkedIn password was the same as the one for my logon service. And so today, I changed all my logons, one by one.

A postscript: Slate reporter Will Oremus addresses why only some LinkedIn passwords appear to be compromised. We know that the compromised passwords were published as a list online. Security experts hypothesize that those were the passwords the hackers couldn’t match with an email address, which is what they would need to confirm an account. So if your password wasn’t on the list, it may not be because they don’t have it, but because they have successfully matched your password to your account. Maybe this weekend would be a good time for a password change project for everyone.